Detector icon indicating copy to clipboard operation
Detector copied to clipboard

[Security] XSS in _contactform.inc.php

Open seongil-wi opened this issue 3 years ago • 0 comments

Describe the bug Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

To Reproduce Steps to reproduce the behavior:

  1. Go to the page with following parameter: http://[localhost]/Detector/web/templates/_contactform.inc.php?cid=%3C/textarea%3E%3Cscript%3Ealert(1);%3C/script%3E
  2. Boom!

Screenshots

  • Attack result 캡처

Where the Issue Occurred The code below displays the user-controlled parameter cid without sufficient sanitization: https://github.com/dmolsen/Detector/blob/f697794be555b4a2ce070a0b1265a1eb5f87fb58/web/templates/_contactform.inc.php#L22

seongil-wi avatar Sep 09 '21 08:09 seongil-wi